[BREAKING CHANGE] cleanup(falco)!: remove outputs.rate and outputs.max_burst from Falco config

falco.yaml

@@ -273,34 +273,6 @@ json_include_tags_property: true
 # output mechanism. By default, buffering is disabled (false).
 buffered_outputs: false
 
-# [Stable] `outputs`
-#
-# [DEPRECATED]
-# This config is deprecated and it will be removed in Falco 0.37
-#
-# A throttling mechanism, implemented as a token bucket, can be used to control
-# the rate of Falco outputs. Each event source has its own rate limiter,
-# ensuring that alerts from one source do not affect the throttling of others.
-# The following options control the mechanism:
-#  - rate: the number of tokens (i.e. right to send a notification) gained per
-#    second. When 0, the throttling mechanism is disabled. Defaults to 0.
-#  - max_burst: the maximum number of tokens outstanding. Defaults to 1000.
-#
-# For example, setting the rate to 1 allows Falco to send up to 1000
-# notifications initially, followed by 1 notification per second. The burst
-# capacity is fully restored after 1000 seconds of no activity.
-#
-# Throttling can be useful in various scenarios, such as preventing notification
-# floods, managing system load, controlling event processing, or complying with
-# rate limits imposed by external systems or APIs. It allows for better resource
-# utilization, avoids overwhelming downstream systems, and helps maintain a
-# balanced and controlled flow of notifications.
-#
-# With the default settings, the throttling mechanism is disabled.
-outputs:
-  rate: 0
-  max_burst: 1000
-
 # [Experimental] `rule_matching`
 #
 # The `rule_matching` configuration key's values are:

userspace/falco/app/actions/process_events.cpp

@@ -25,7 +25,6 @@ limitations under the License.
 #include <unordered_map>
 
 #include "falco_utils.h"
-#include "token_bucket.h"
 
 #include "actions.h"
 #include "helpers.h"
@@ -137,8 +136,6 @@ static falco::app::run_result do_inspect(
 	stats_writer::collector stats_collector(statsw);
 	uint64_t duration_start = 0;
 	uint32_t timeouts_since_last_success_or_msg = 0;
-	token_bucket rate_limiter;
-	const bool rate_limiter_enabled = s.config->m_notifications_rate > 0;
 	const bool is_capture_mode = source.empty();
 	size_t source_engine_idx = 0;
 
@@ -156,14 +153,6 @@ static falco::app::run_result do_inspect(
 		source_engine_idx = s.source_infos.at(source)->engine_idx;
 	}
 
-	// if enabled, init rate limiter
-	if (rate_limiter_enabled)
-	{
-		rate_limiter.init(
-			s.config->m_notifications_rate,
-			s.config->m_notifications_max_burst);
-	}
-
 	// reset event counter
 	num_evts = 0;
 
@@ -333,14 +322,7 @@ static falco::app::run_result do_inspect(
 		{
 			for(auto& rule_res : *res.get())
 			{
-				if (!rate_limiter_enabled || rate_limiter.claim())
-				{
-					s.outputs->handle_event(rule_res.evt, rule_res.rule, rule_res.source, rule_res.priority_num, rule_res.format, rule_res.tags);
-				}
-				else
-				{
-					falco_logger::log(LOG_DEBUG, "Skipping rate-limited notification for rule " + rule_res.rule + "\n");
-				}
+				s.outputs->handle_event(rule_res.evt, rule_res.rule, rule_res.source, rule_res.priority_num, rule_res.format, rule_res.tags);
 			}
 		}
 

userspace/falco/configuration.cpp

@@ -36,8 +36,6 @@ falco_configuration::falco_configuration():
 	m_json_output(false),
 	m_json_include_output_property(true),
 	m_json_include_tags_property(true),
-	m_notifications_rate(0),
-	m_notifications_max_burst(1000),
 	m_rule_matching(falco_common::rule_matching::FIRST),
 	m_watch_config_files(true),
 	m_buffered_outputs(false),
@@ -264,13 +262,6 @@ void falco_configuration::load_yaml(const std::string& config_name, const yaml_h
 
 	m_output_timeout = config.get_scalar<uint32_t>("output_timeout", 2000);
 
-	m_notifications_rate = config.get_scalar<uint32_t>("outputs.rate", 0);
-	if(m_notifications_rate != 0)
-	{
-		falco_logger::log(LOG_WARNING, "'output.rate' config is deprecated and it will be removed in Falco 0.37\n");
-	}
-	m_notifications_max_burst = config.get_scalar<uint32_t>("outputs.max_burst", 1000);
-
 	std::string rule_matching = config.get_scalar<std::string>("rule_matching", "first");
 	if (!falco_common::parse_rule_matching(rule_matching, m_rule_matching))
 	{

userspace/falco/configuration.h

@@ -65,8 +65,6 @@ class falco_configuration
 	bool m_json_include_tags_property;
 	std::string m_log_level;
 	std::vector<falco::outputs::config> m_outputs;
-	uint32_t m_notifications_rate;
-	uint32_t m_notifications_max_burst;
 
 	falco_common::priority_type m_min_priority;
 	falco_common::rule_matching m_rule_matching;